From 22a7152e92d958dae7ad759f11fb6b02b6ab3258 Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Mon, 30 Sep 2019 10:34:49 +0200 Subject: [PATCH 1/8] publish only pending comment, else show status message --- plone/app/discussion/browser/moderation.py | 23 +++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/plone/app/discussion/browser/moderation.py b/plone/app/discussion/browser/moderation.py index 556b604..075ee8a 100644 --- a/plone/app/discussion/browser/moderation.py +++ b/plone/app/discussion/browser/moderation.py @@ -8,11 +8,13 @@ from plone.app.discussion.events import CommentDeletedEvent from plone.app.discussion.interfaces import _ from plone.app.discussion.interfaces import IComment from plone.app.discussion.interfaces import IReplies +from plone.protect.interfaces import IDisableCSRFProtection from Products.CMFCore.utils import getToolByName from Products.Five.browser import BrowserView from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile from Products.statusmessages.interfaces import IStatusMessage from zope.event import notify +from zope.interface import alsoProvides class View(BrowserView): @@ -205,17 +207,24 @@ class PublishComment(BrowserView): """ def __call__(self): + alsoProvides(self.request, IDisableCSRFProtection) comment = aq_inner(self.context) content_object = aq_parent(aq_parent(comment)) workflowTool = getToolByName(comment, 'portal_workflow', None) workflow_action = self.request.form.get('workflow_action', 'publish') - workflowTool.doActionFor(comment, workflow_action) - comment.reindexObject() - content_object.reindexObject(idxs=['total_comments']) - notify(CommentPublishedEvent(self.context, comment)) - IStatusMessage(self.context.REQUEST).addStatusMessage( - _('Comment approved.'), - type='info') + review_state = workflowTool.getInfoFor(comment, 'review_state', '') + if review_state == "pending": + workflowTool.doActionFor(comment, workflow_action) + comment.reindexObject() + content_object.reindexObject(idxs=['total_comments']) + notify(CommentPublishedEvent(self.context, comment)) + IStatusMessage(self.context.REQUEST).addStatusMessage( + _('Comment approved.'), + type='info') + else: + IStatusMessage(self.context.REQUEST).addStatusMessage( + _('Comment already approved.'), + type='info') came_from = self.context.REQUEST.HTTP_REFERER # if the referrer already has a came_from in it, don't redirect back if (len(came_from) == 0 or 'came_from=' in came_from or From f3c0b16a42ac30ad8c2bfcca1c993063b41e0c0b Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Mon, 30 Sep 2019 10:39:24 +0200 Subject: [PATCH 2/8] changelog --- news/163.enhancement | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 news/163.enhancement diff --git a/news/163.enhancement b/news/163.enhancement new file mode 100644 index 0000000..f6ee230 --- /dev/null +++ b/news/163.enhancement @@ -0,0 +1,2 @@ +link of notification mail: /@@moderate-publish-comment : publish only pending comment, else show status message "comment already approved" +[ksuess] From 8bd1992a7f02e66821c8b62d92f1e0339e568c22 Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Fri, 22 Nov 2019 19:45:12 +0100 Subject: [PATCH 3/8] IDisableCSRFProtection on @@moderate-publish-comment removed --- plone/app/discussion/browser/moderation.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plone/app/discussion/browser/moderation.py b/plone/app/discussion/browser/moderation.py index 075ee8a..2420e40 100644 --- a/plone/app/discussion/browser/moderation.py +++ b/plone/app/discussion/browser/moderation.py @@ -207,7 +207,6 @@ class PublishComment(BrowserView): """ def __call__(self): - alsoProvides(self.request, IDisableCSRFProtection) comment = aq_inner(self.context) content_object = aq_parent(aq_parent(comment)) workflowTool = getToolByName(comment, 'portal_workflow', None) From 1e5951101f2673897c1701db327ca3f0b5e353cd Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Fri, 22 Nov 2019 19:47:12 +0100 Subject: [PATCH 4/8] prevent infinite request for confirmation (plone.protect) --- plone/app/discussion/browser/moderation.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plone/app/discussion/browser/moderation.py b/plone/app/discussion/browser/moderation.py index 2420e40..6b24b95 100644 --- a/plone/app/discussion/browser/moderation.py +++ b/plone/app/discussion/browser/moderation.py @@ -228,7 +228,8 @@ class PublishComment(BrowserView): # if the referrer already has a came_from in it, don't redirect back if (len(came_from) == 0 or 'came_from=' in came_from or not getToolByName( - content_object, 'portal_url').isURLInPortal(came_from)): + content_object, 'portal_url').isURLInPortal(came_from) or + '@@confirm-action' in came_from): came_from = content_object.absolute_url() return self.context.REQUEST.RESPONSE.redirect(came_from) From 3d3c6385650512e24cab94a05e013ebed6817769 Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Sun, 1 Dec 2019 19:47:08 +0100 Subject: [PATCH 5/8] Notification moderator: email of commentator added. Link as is but request to log in for moderating comment added. New moderator notification with email and link to commented page and request to login. No links to approve and delete: due to CSRF direct links to modification of Plone objects result in request to confirm. So page with comments is presented to moderator. If already logged in, moderator is on comment to moderate. If not logged in, moderator is on login page with came_from. --- plone/app/discussion/comment.py | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/plone/app/discussion/comment.py b/plone/app/discussion/comment.py index 3baca53..9c68738 100644 --- a/plone/app/discussion/comment.py +++ b/plone/app/discussion/comment.py @@ -58,12 +58,12 @@ MAIL_NOTIFICATION_MESSAGE = _( MAIL_NOTIFICATION_MESSAGE_MODERATOR = _( u'mail_notification_message_moderator', default=u'A comment on "${title}" ' - u'has been posted here: ${link}\n\n' - u'---\n' - u'${text}\n' + u'has been posted by ${commentator}\n' + u'here: ${link}\n\n' u'---\n\n' - u'Approve comment:\n${link_approve}\n\n' - u'Delete comment:\n${link_delete}\n', + u'${text}\n\n' + u'---\n\n' + u'Log in to moderate.\n\n', ) logger = logging.getLogger('plone.app.discussion') @@ -419,8 +419,6 @@ def notify_moderator(obj, event): # Compose email subject = translate(_(u'A comment has been posted.'), context=obj.REQUEST) - link_approve = obj.absolute_url() + '/@@moderate-publish-comment' - link_delete = obj.absolute_url() + '/@@moderate-delete-comment' message = translate( Message( MAIL_NOTIFICATION_MESSAGE_MODERATOR, @@ -428,8 +426,14 @@ def notify_moderator(obj, event): 'title': safe_unicode(content_object.title), 'link': content_object.absolute_url() + '/view#' + obj.id, 'text': obj.text, - 'link_approve': link_approve, - 'link_delete': link_delete, + 'commentator': obj.author_email or translate( + Message( + _( + u'label_anonymous', + default=u'Anonymous', + ), + ), + ) }, ), context=obj.REQUEST, From 296d591856ecdaf3a7002b9591433ea334cce4c0 Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Sun, 1 Dec 2019 19:53:11 +0100 Subject: [PATCH 6/8] Update moderation.py unused IDisableCSRFProtection removed --- plone/app/discussion/browser/moderation.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plone/app/discussion/browser/moderation.py b/plone/app/discussion/browser/moderation.py index 6b24b95..e05352e 100644 --- a/plone/app/discussion/browser/moderation.py +++ b/plone/app/discussion/browser/moderation.py @@ -8,7 +8,6 @@ from plone.app.discussion.events import CommentDeletedEvent from plone.app.discussion.interfaces import _ from plone.app.discussion.interfaces import IComment from plone.app.discussion.interfaces import IReplies -from plone.protect.interfaces import IDisableCSRFProtection from Products.CMFCore.utils import getToolByName from Products.Five.browser import BrowserView from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile From 7b43d80486cef1ac1cefd54f829ac7e783427391 Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Mon, 2 Dec 2019 09:09:49 +0100 Subject: [PATCH 7/8] test_notifications moderator --- .../discussion/tests/test_notifications.py | 26 +++++++------------ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/plone/app/discussion/tests/test_notifications.py b/plone/app/discussion/tests/test_notifications.py index 0320f1a..16844e2 100644 --- a/plone/app/discussion/tests/test_notifications.py +++ b/plone/app/discussion/tests/test_notifications.py @@ -197,9 +197,10 @@ class TestModeratorNotificationUnit(unittest.TestCase): provided=IMailHost) def test_notify_moderator(self): - # Add a comment and make sure an email is send to the moderator. + """Add a comment and make sure an email is send to the moderator.""" comment = createObject('plone.Comment') comment.text = 'Comment text' + comment.author_email = 'john@plone.test' comment_id = self.conversation.addComment(comment) @@ -215,27 +216,20 @@ class TestModeratorNotificationUnit(unittest.TestCase): # The output should be encoded in a reasonable manner # (in this case quoted-printable): self.assertTrue( - 'A comment on "K=C3=B6lle Alaaf" has been posted here:' - in msg) - self.assertIn( - 'http://nohost/plone/d=\noc1/view#{0}'.format(comment_id), - msg, + 'A comment on "K=C3=B6lle Alaaf" has been posted' + in msg ) self.assertIn( - 'Comment text', - msg, + 'http://nohost/plone/doc1/view#{0}'.format(comment_id), + msg ) - text = 'Approve comment:\nhttp://nohost/plone/doc1/' \ - '++conversation++default/{0}/@@moderat=\ne-publish-comment' self.assertIn( - text.format(comment_id), - msg, + comment.author_email, + msg ) - text = 'Delete comment:\nhttp://nohost/plone/doc1/' \ - '++conversation++default/{0}/@@moderat=\ne-delete-comment' self.assertIn( - text.format(comment_id), - msg, + comment.text, + msg ) def test_notify_moderator_specific_address(self): From 000e929b753a403f9fa6284a7ddbf7abedb672b3 Mon Sep 17 00:00:00 2001 From: Katja Suess Date: Mon, 2 Dec 2019 09:20:12 +0100 Subject: [PATCH 8/8] changelog detailed info --- news/163.enhancement | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/news/163.enhancement b/news/163.enhancement index f6ee230..e5b7564 100644 --- a/news/163.enhancement +++ b/news/163.enhancement @@ -1,2 +1,4 @@ -link of notification mail: /@@moderate-publish-comment : publish only pending comment, else show status message "comment already approved" +Notification moderator: - Email commentator added + - Link to commented page for editing, approving, deleting comment instead of link to /@@moderate-publish-comment and @@moderate-delete-comment +/@@moderate-publish-comment : publish only pending comment, else show status message "comment already approved" [ksuess]